Value Comparer Requirement

Value Comparer Requirement

This requirement compares two values.  If they are equal the requirement passes.  If they are different the requirement fails.

The metadata below is for a requirement that only passes if the authenticated user is a particular person.  It uses Input Context Objects for some values.

{
  "endpoints": {
    "ExamplesGetSingleProduct": {
      "route": {
        "httpMethod": "GET",
        "segments": {
          "examples": {
            "isLiteral": true,
            "type": "string"
          },
          "products": {
            "isLiteral": true,
            "type": "string"
          },
          "productId": {
            "isLiteral": false,
            "type": "long"
            "security": {
              "CurrentPersonIsAiesha": {
                "type": "ValueComparer",
                "parameters": {
                  "expectedValue": "1",
                  "actualValue": "@AuthenticatedAttributes.AuthenticatedPrincipalRecordId"
                }
              }
            }            
          }
        }
      }     
    }
    //remaining metadata omitted
  }
}

Why did we add this security block to a route segment instead of the endpoint or an input entity field?  

If we had put it at the endpoint level it would have had no effect.  Remember, only one requirement in a collection needs to pass for the entire collection to pass.  By default, the framework always adds an authentication requirement to the endpoint collection.  If this requirement was also at the endpoint level we would have and the authenticated person was not person id 1, we would have:

When we move it to the route segment level we have:

And the request fails if the person is not Aiesha.  This requirement could have also been added at the input entity field level to achieve the same result.